A few years ago we wrote about a handy bookmarklet that would make Firefox remember passwords on some sites that ordinarily wouldn’t, like Yahoo! or Paypal. Some people on the article were reporting that this no longer works in Firefox 3, but one anonymous commenter referenced a rather clever workaround.

The trick requires the modification of a JavaScript file that Firefox uses for managing login-related tasks. Once the workaround is applied Firefox will start ignoring any attributes in the login forms that try to tell the browser not to remember a password. You’ll still be able to choose whether or not you want a password remembered for a particular site, but at least now the choice will be left up to you.

First things first. We need to open the nsLoginManager.js file in a text editor. The location of the file is a bit different depending on what OS you’re using:

  • Windows:
    You’ll find the file in the components folder where Firefox was installed:
    C:\Program Files\Mozilla Firefox\components\nsLoginManager.js
  • Mac:
    Find Firefox in your Applications folder, right-click on it, and choose the option to Show Package Contents. Then within the Firefox.app navigate to the file:
    Firefox.app\Contents\MacOS\components\nsLoginManager.js

Alright. This is where my instructions get a little different than what’s provided by the person who found this workaround. They want you to remove a few lines of code from this file, but all you really need to do is flip a value from true to false. That way it’s a lot easier to revert back to the file’s original state should you ever need to.

Now you need to perform a search on the file for:

_isAutocompleteDisabled

You should be taken to a section of the file that looks something like this:

autocomplete before.png

You’ll notice that I’ve highlighted line number 770 (your line number may be different), and it says:

return true;

You need to change that to say:

return false;

It should now look like this:

autocomplete after.png

Save the changes to this file, and then restart Firefox. Now when you go to a site like Paypal you should see a prompt to save the password just like it does for most other sites:

remember paypal password.png

The only downside to this trick is that you may need to re-apply it after updating or reinstalling Firefox. Other than that it works great, and is a little nicer than the bookmarklet since it doesn’t require any additional interaction after being set up.

There Are 103 Comments

  1. Well what about security? Why should I make firefox to remember my paypal account password? Seriously, I just don’t see the point making your system more vulnerable or I’m missing something?

    • You can also use FireFox’s Master Password feature that requires you to enter it before you launch FireFox, plus it encrypts your passwords.

      However, if you forget that one then you’re lost completely.

    • You can make the Firefox “Master Password” more complicated, and thus more secure, as it is the only one you will need to remember for ALL of your sites. Passwords are used on many sites besides “paypal” and some are not a security risk. Some sites are just supplying your personalized data or account status. This really helps as the ID and password are filled in when you get to the web page the next time. Just enter the “Master Password” and you are ready to go! Oh, and you only need to enter that once during a Web Browser session.

      When you login to a site you do not want Firefox to remember simply click on “never remember” and you will have to enter it every time.

      I would suggest that you may want to write down the “Master Password” and keep it in a safe place… at least till you have gotten in the habit of using it.

  2. You could always save your profile folder to an encrypted volume, in which case you’ve actually increased overall security anyway.

  3. Now that’s a nice one :) Gracias!

  4. Vladimir Kolev wrote:
    Well what about security? Why should I make firefox to remember my paypal account password? Seriously, I just don’t see the point making your system more vulnerable or I’m missing something?

    If you’re the only person who uses your computer then it’s handy not having to type it in all the time.

  5. There is a Greasemonkey script I use for this:
    [userscripts.org]

  6. Will it affect online password management site like MashedLife.com? It shouldn’t, right?

    I hope Firefox upgrades regression-test popular applications like that.

  7. Vladimir Kolev wrote:
    Well what about security? Why should I make firefox to remember my paypal account password? Seriously, I just don’t see the point making your system more vulnerable or I’m missing something?

    What you’re missing is that it won’t automatically save your password, it’ll just give you the option to do so if you want it rather than the website deciding that you should never be allowed to save your password. Adding this tweak doesn’t make your information any less secure, if you have sites you never want it to remember the password for you can still tell it to never remember and not be bothered with it for your secure sites.

  8. If you want to combine real security with logins’ data, you’d better choose Roboform, which handles IE-engined browsers as well (no double data). It’s shareware, but it’s true security.

  9. Ryan,

    Do you have any similar (code-tweaking) tips for dealing with websites that have login form fields that don’t allow “copy/paste” of passwords into the field?

    That a big aggravation! There are a few web-banking sites I use that allow me to copy/paste the user ID in from my password manager application, but I can’t copy/paste the password field.

    Grrrr.

    Cheers!

  10. Vladimir Kolev wrote:
    Well what about security? Why should I make firefox to remember my paypal account password? Seriously, I just don’t see the point making your system more vulnerable or I’m missing something?

    As some have pointed out before me… this doesn’t automatically save your password. You’ll just be given the option to store your password whereas previously you wouldn’t have had the choice.

    Claus Valca wrote:
    Do you have any similar (code-tweaking) tips for dealing with websites that have login form fields that don’t allow “copy/paste” of passwords into the field?

    Unfortunately I don’t… that is probably being controlled by JavaScript on the site you’re using.

  11. Ive seen something similar to this tweak except they comment out the middle part of that function here is the code:

    _isAutocompleteDisabled : function (element) {
    // if (element && element.hasAttribute(“autocomplete”) &&
    // element.getAttribute(“autocomplete”).toLowerCase() == “off”)
    // return true;

    return false;
    },

    Is there a difference between your and the one above?
    Which is the better way to do it??

  12. @b. moore, no, it makes no difference…

  13. B. Moore wrote:
    Ive seen something similar to this tweak except they comment out the middle part of that function here is the code:

    It essentially does the same thing. There are various approaches you can take… I just tried to do what I thought was the easiest.

  14. excellent, i was just double checking to be sure i didnt mess anything up or if their was a better way. thanks again for the tweak!

  15. i altered my firefox to make it so that any password is saved no matter what. the “remember password” buttons and such will still show up, but no matter what you select your password is saved as soon as you submit the form. it wouldn’t take long to make an extension but this would probably be looked down upon.

  16. doesn’t work on dual field codes… or at least it doesn’t work on meebo

  17. security_pssh -

    What is the code tweak to do that?

    Thanks

  18. Any idea how to do the equivalent in Firefox 2?

    I know someone who can’t upgrade to FF3 because they have an old Mac incapable of running the version of OS X (10.4) that the newer version of the browser requires.

    I’d like to use the same hack, but nsLoginManager.js file does not exist in FF2.

    Thanks in advance for any help.

  19. Didn’t work?
    i’m in mac os X FFv3.0.10
    and i changed the isAutocompleteDisabled to say return false both inside and outside of the if statement but it still does not ask for password on gmail (i’ve checked the list of exceptions in preferences and neither google nor gmail are on it)
    any suggestions?

    thanks

  20. Great tip. I farted around a bit and got it. Guys with security concerns need not worry. This is what I did. I saved all the sites I regularly visit (that needs logins) into my bookmarks. Then I click on the site name under bookmarks, and Firefox alerts me for the master password. I enter the master password and it fills in the fields for me. How to get FireFox to ask for a master password? Simple, go to Edit -> Preferences, select the Security tab, and put a check mark in “Use a master password” under Passwords. There now, no more needing to remember all those passwords and logins. It would be nice if it could automate the login, because I am too lazy to press the login button after FF has filled it in for me. Hope this helps.

  21. I know there is a way to set it up so firefox will always ask you if you want to Remember the password, throught he about:config, but i can’t remember which setting that is.

  22. Is there a .js file tweak like this for (banking) sites that have a 2 stage login where the first screen that takes your userID won’t display it initially but if you doubleclick in the text field autocomplete will list it in a dropdown list?

  23. Xerographist wrote:
    Is there a .js file tweak like this for (banking) sites that have a 2 stage login where the first screen that takes your userID won’t display it initially but if you doubleclick in the text field autocomplete will list it in a dropdown list?

    No, unfortunately the banks are turning to the 2-stage logins so that people can’t really get around them.

  24. I implemented this about a month ago,
    and it worked for login.yahoo.com.
    Then it stopped working, and I noticed that
    I had an entry in my passwords with an empty
    login (and a password). When I deleted that,
    it began working again. Now it is not working :(
    I checked nsLoginManager.js and it still has the
    correct edits.

    Any suggestions?
    How can I enable the this.log to debug this?

  25. OK, that is my anonymous post above.
    I am still having problems with login.yahoo.com
    Only, now it works about 9/10 times.
    Which makes it very difficult to debug.

  26. Thank you, Ryan! I looked all over the web for a solution to this problem! Excellent tip! Worked well. Fixed my problem. It was easy as pie to find, to understand and to do the simple modification. You did a great job explaining it. An 8 year old could do it. It rocks. People like you are the reason I choose to stay with an open-source browser.

  27. I need help…Gmail suddenly quit saving my login info, so I followed the suggestion online to remove my saved Google password (in Firefox) — but after I erased it, I incorrectly assumed I’d be offered the option to “save this password” anew, which I have not been. I’d like to try your method here, but when I click on the “nsLoginMgr” I get an error code “WIndows Script…Syntax error…Microsoft jscript compilation error.” (and that ominous sound like I’m doing something wrong!) Is there an easy way to get around this? Or should I try reinstalling Firefox? I am a beginner w/all this code stuff, but your explanations above seem easy enough for me to try.
    Thanks in advance if anyone can help!
    /brown88

  28. First, let me tank you for this trick, it worked, FireFox once again ask if I’d Like it to remember my Password. While making the change in the
    C:\Program Files\Mozilla Firefox\components\nsLoginManager.js folder, I ran across what seemed to be some strange looking script, but maybe it is how FireFox wrote it, I don’t know but it looked like someone was trying to obtain my passwords. Here is a snip out of the script I found this section just above were you make the true false change, if needed I can post the full file, but this is the part that jumped out at me. Does anyone else have this same script, or is someone trying to hack me? Thanks for any help.

    username field found)”);

    // If we’re not submitting a form (it’s a page load), there are no
    // password field values for us to use for identifying fields. So,
    // just assume the first password field is the one to be filled in.
    if (!isSubmission || pwFields.length == 1)
    return [usernameField, pwFields[0].element, null];

    // Try to figure out WTF is in the form based on the password values.
    var oldPasswordField, newPasswordField;
    var pw1 = pwFields[0].element.value;
    var pw2 = pwFields[1].element.value;
    var pw3 = (pwFields[2] ? pwFields[2].element.value : null);

    if (pwFields.length == 3) {
    // Look for two identical passwords, that’s the new password

    if (pw1 == pw2 && pw2 == pw3) {
    // All 3 passwords the same? Weird! Treat as if 1 pw field.
    newPasswordField = pwFields[0].element;
    oldPasswordField = null;

  29. kindly plz someone tell me that by which way i should open this ns login manager.js file so that i can reach at that exact line easily becus there are so many lines which cannot be found by note pad or any other application plz help me

  30. I tried it with ff3.5. It still does not work with hotmail. Has anyone been able to do it with hotmail.

    Many thanks.

  31. Is there a way to just get rid of the prompt completely but having firefox automatically remember all passwords?

    • Hello are you still around? Im following this thread and need to know how to make firefox automatically save the passwords… I have changed the code so I dont’ get the buttons but it wont’ save the passwords you seem to have figured it out so I”m asking you. please share again

  32. Works like a charm on Yahoo Mail. Thank you for the easy to follow instructions and snapshots. As Ryan indicated, after I updated to Firefox 3.5.4, I had to re-do this simple change to the js file (I opened it with Notepad and searched for the “_isAutocompleteDisabled” section as instructed) and I’m on the road again.

  33. For Firefox 3.5 on Linux, you can find the nsLoginManagerPrompter.js file in /usr/lib/xulrunner-1.x.x.x/components/ folder where x.x.x is the version of xulrunner you are using.

  34. you don’t want firefox to remember your paypal account, do you ? if there are software-spies you don’t want it! come on don’t be naiv.

  35. I have done the above, but it won’t let me save it. It says “Cannot create the ……. file. Make sure that the path and file name are correct.” They are correct… Help?

    Thanks

  36. Yeah, not working with hotmail still :(

  37. Gold… absolute Gold!

  38. I cannot save the file after done the corrections, it will not allow me to do it. any suggestions?

    Thks.

  39. I had an epiphany last night which, for me at least, is the PERFECT balance between simplicity and security.
    I now have the browser store PART of my password, then type in the last few chars.

    This allows the use of a mnemonic word to be coupled with complete gobeldegook, and keystroke recorders (IF one ever made it in) would be useless.

    Example Password = l;a_d0a#r9kpassword
    All I have to remember is ‘password’, and the browser enters the ‘l;a_d0a#r9k’ part.
    I could then, in practice, only have one password to remember, yet technically have a unique PW for each site.

  40. ok how do you make all this work on Windows 7 it will not let me open the JS file still learning Win 7 I feel pretty stupid.

  41. Hi i am trying to open C:\Program Files\Mozilla Firefox\components\nsLoginManager.js

    It keeps prompting me with a error code
    script: C:\program files\ moxilla firefox\components\nsLoginManagerPrompter.js
    Line:39
    Char: 1
    Error: Syntax error
    Code: 800A03EA
    Source: Microsoft JScript compliation error

    How can i open this up so i can make the changes

    Thank you so much
    Brad

    • Open in notepad. Right click file – choose Open With. Or open notepad from the start menu, selct File – Open, and navigate to the nsLogin~ file and open it. By default, in most Windows installs, the computer is trying to actually run the file when you double click on it, while what you would like to do is Edit the file.

      Hope this helps…

  42. how do u disable the prompt firefox gives to save password but still make firefox remeber the password.

  43. there is a better way of doing it. you better follow the link below but it is not complete. the said code doesn’t work in the latest version of firefox.

    [raymond.cc]

    note: do not delete everything as the link above said, instead leave the code below untouched

    this._showLoginNotification(aNotifyBox, “password-save”,
    notificationText, buttons);

    this code is very important because this is when your password saved.

  44. Does NOT work… flat out simply put, this does not work and was a COLOSSAL waste of my time

    • Well, it used to work, unfortunately it seems as if Firefox has made some changes where people can’t make changes to the program format. I have done it once before, like a year ago, and then updated to a newer fire fox, bad idea. Now, no edits can be made, at least I can’t figure out how to save them.

  45. Wow, thanks for sharing the tip with me. For the life of me I could not get the password to work for me with Bookmarklets. I downloaded the editor, which at first tried in word doc form and it did not work. Then changed the syntax and restarted Mozilla. I had changed a password on Yahoo and few other sites and nothing was making it ask to change the password. I log on to my emails 20 times a day and it was getting old. THANKS AGAIN
    Doc832

  46. Using the Windows 7 (x86) version of Firefox.

    Completed the edit above in Wordpad but not able to save the changes “access C:\Programme Files (x86) Mozilla Firefox….denied” comment received.

    I thought the whole beauty of Firefox was the ability to tinker with it, has this changed?

    Re issues over security: the information contained in the particular website I am trying to do this for would be inconsequential if it fell into a third party’s hands.

  47. WOW!!! Thanks so much! I was annoyed that there were certain sites that I had to enter my user ID and LONG password each time. Worked perfectly!

  48. There were some issues with saving passwords to some sites after FF 3.6 came along.

    to overcome the issue I installed FF 3.0 (from the ftp archives) and installed a password exporter,

    [addons.mozilla.org]

    FF3.0 had no problems saving the passwords, so after the new passwords are saved, export the passwords.

    close FF3.0

    open up FF3.6 – FF4 and import passwords into the newer browser.

  49. Hello, How to open the nsLoginManager.js in text editor to modify what I need.
    I have java, but not know how to open file and modify it.
    TNX!

  50. For Firefox 4, the nsLoginManager.js is hidden in omni.jar. Omni.jar is stored in the Mozilla Firefox root installation directory — e.g., C:\Program Files\Mozilla Firefox\omni.jar under 32-bit Windows — and is actually just a ZIP archive. Inside the omni.jar archive, you’ll find the “components” directory where nsLoginManager.js is located.

    So, there are some extra steps with Firefox 4. You’ll need to extract nsLoginManager.js from omni.jar, make the modifications described above and put the edited nsLoginManager.js back into the omni.jar archive. (Or, if you have the right tools, you can edit nsLoginManager.js directly within the archive.)

    • Just press ALT + V on nsLoginManager.js,
      and edit it !
      Good Luck !

    • wkwalker, thanks SO MUCH for finding that info for Firefox 4! I was about to punch someone having to deal with all the ridiculous and random controls forced on me by overzealous web designers.

    • I wonder if the guys at Mozilla will ever finally make this an option accessible in the about:config that will persist across updates. I *really* hope they do.

    • I extracted the omni.jar file by renaming it .zip and then modified the nsloginmanager file as above. re-added it, renamed it to .jar and tried to launch FF4 but it keeps crashing when I launch. So now I’ve reverted back to the original! Any ideas whats wrong?

  51. Thanks wkwalker! I love having this bookmarked and coming back to updated working iformation. I owe ya!

  52. wkwalker’s trick doesn’t appear to work with the OS X version. I unzipped omni.jar, edited the nsLoginManager.js file, re-zipped the folder and I get a message that Firefox has crashed when I try to open Firefox. Of course I kept a backup of the original omni.jar so all is well again, but hopefully someone figures out how to fix this on OS X.

  53. I have tried wkwalker’s trick, changed the data around but it still does not save my password. I am using FF 4.0 on windows 7 64bit. Have removed the data, change true to false, tried comments // but none seem to work.

    • thanks was just about to attempt this whole thing until i read your comment. bah, im on the same boat, ever since i updated ff to ver four, none of my passwords saves anymore its very frustrating to have to type over and over again. someone help us!@

  54. Nevermind, It started working after a couple of day by itself. It did not work immediately.

  55. ARGH!

    The omni.jar solution no longer seems to work after the 4.0.1 update. I took the new jar, did the same process several times slowly each time to make sure I wasn’t forgetting or skipping something, but I’m back to random behaviors at the whims of whichever joker happened to code a particular site or another.

    Is there some sort of prefetch cache I need to clear in Win7? I even rebooted, and nothing changed. I’m really wished this were just a simple freaking setting in the about:config, something like browser.preferences.advanced.tell_sites_with_autocomplete_off_to_go_screw_themselves

  56. …i dont even have the file nsLoginManager.js in the components..

  57. I am using SeaMonkey 2.1RC1.

    I extracted nsLoginManager.js from omni.jar via WinZip and edited nsLoginManager.js to change “return true;” to “return false;”. I then used WinZip to delete the old nsLoginManager.js from omni.jar. Finally, I used WinZip to add the edited nsLoginManager.js into omni.jar. Afterwards, having launched and then terminated SeaMonkey, I checked nsLoginManager.js in omni.jar and verified that my changes were still there.

    It does not work! Editing nsLoginManager.js for SeaMonkey 2.0.14 (where it was not zipped into omni.jar) did work.

    • Even after removing the edits, Password Manager no longer works under any situation.

    • I reverted back to SeaMonkey 2.0.14 and made sure it worked, including the change to nsLoginManager.js.

      Then I reinstalled SeaMonkey 2.1RC1, editing nsLoginManager.js as described above. This time, Password Manager is NOT hosed. It seems to be working. However, I do not yet know whether the edit to nsLoginManager.js will enable the saving of passwords at sites that try to disable saving.

  58. Hi, have been following this thread from top to bottom.
    I have Firefox version 3.5.19, i have followed the instructions and managed to edit the nsLoginManager in WordPad however when i try to save the file it says “Access denied” is there any way i can go about this to get to save & work?
    Help is greatly appreciated! Thank You.

  59. ?? I do not find this file ??
    I am using FF 4.0
    the only things in the components folder are:
    binary.manifest
    browsercomps.dll
    nppl3260.xpt
    nsjrealpayerplugin.xpt

    • In Firefox 4.0 and SeaMonkey 2.1, file nsLoginManager.js is embedded in omni.jar, which is a ZIP file without the .zip file extension. You can use WinZip or a similar application to view the contents of omni.jar and extract nsLoginManager.js for editing. I found, however, that I could not reinsert the edited nsLoginManager.js into omni.jar without first deleting the original copy of that file from omni.jar.

      As I noted earlier in this discussion, editing nsLoginManager.js does not really work for SeaMonkey 2.1 and seems to break Password Manager in a way that requires reinstalling SeaMonkey.

  60. Have all the people using Win7 who couldn’t get it to save, run their favourite text editor as Administrator? I use Notepad++, and it wouldn’t let me save the file unless I ran it as Administrator. Then, no problems.

    Right-click on your text editor, click on Run as administrator, then open the file, edit and save, and you should be sweet.

    • “Then, no problems.” Have you tried this with Firefox 4 or SeaMonkey 2.1?

      I successfully edited nsLoginManager.js and confirmed that the edits did indeed exist in that file as zipped into omni.jar. However, the edit did not allow the saving of passwords from sites where autocomplete is disabled. The edit did work in SeaMonkey 2.0.x, which is why I am asking about SeaMonkey 2.1 (or Firefox 4, which has the same problem).

  61. I think I have discovered why this does not work with Firefox 4 and SeaMonkey 2.1. However, I still don’t know how to fix it.

    The files zipped into omni.jar indicate a subfolder. With Windows XP for example, nsLoginManager.js indicates that it is from \component.

    Using WinZip, I was unable to replace that instance of nsLoginManager.js with an edited version. I tried editing directly vis WinZip (viewing the file in Wordpad). I tried extracting to a \components folder, editing it there, and then adding the result back into omni.jar using various WinZip options. In all cases, I was unable to replace the nsLoginManager.js from \component. Instead, I got nsLoginManager.js with a blank subfolder.

    No, I have not given up. However, if someone else can determine how to get nsLoginManager.js back into omni.jar with \components as its subfolder, please let us know.

    • I copied omni.jar into a folder of its own. Using WinZip, I extracted all files with the option to place them in their respective subfolders. nsLoginManager.js was thus in \components. I edited nsLoginManager.js. After deleting this copy of omni.jar, I used WinZip to create a new zip file from all the extracted files with their subfolders. Renaming the zip file to be omni.jar, I replace the existing omni.jar in the SeaMonkey root.

      When this was all done, I checked the contents of the new omni.jar. I had indeed succeeded in creating an edited nsLoginManager.js for the \components subfolder.

      When I tested this, I discovered that my only logins affected by Web pages disabling the saving of passwords were split logins (user ID on one page with password on the next page). Since split logins are not working with SeaMonkey 2.1 even when the passwords have been saved, I can’t test the results of contriving a new omni.jar with an edited nsLoginManager.js.

  62. This should be an “about:config” pref!! why hasn’t anyone brought this to the attention of the developers? Letting websites control the “save password prompt” is more of an annoyance than a security feature!

    • Does it work with Firefox 4 and 5 and with SeaMonkey 2.1 and 2.2? Does it work with split logins, where the user ID is entered on one page and the password is entered on the next page?

      I notice that the page to which you link — the page with the Remember Password bookmarklet — has not been updated in seven years.

  63. Folks, all of you who are spending time editing Firefox source files really just need to learn how to use Greasmonkey. Install Greasemonkey and then install this script:

    [userscripts.org]

    No Firefox source editing required, and it’ll work through updates.

  64. Stanimir Stamenkov is attempting to create an extension that addresses this problem. His latest attempt is available at [[addons.mozilla.org]+fx.xpi?src=addondetail]. This should be compatible with Firefox 5 and 6 and with SeaMonkey 2.2 and 2.3.

    Eventually, Stamenkov hopes to include (or do as a separate extension) a fix for the problem of using saved passwords with split logins (logins where the user ID is input on one page and the password is input on a subsequent page).

  65. Can someone help me please its says access deniedd…wht should i do???

    • Try the Remember Passwords extension at [addons.mozilla.org] While this is marked as not completely reviewed by the addons.mozilla.org staff, I have been using it successfully since the end of July.

  66. This bookmarklet works on Firefox on Mac Snow Leopard.

    [forums.mozillazine.org/viewtopic.php?f=38&t=2129039]

    You do have to click the marklet before you fill in the form, but only the first time – after that it fills in the form for you.

    At least there’s no editing to do.

  67. i never use to have to type in my password for yahoo mail but not i do… not sure if i changed something accidentally that would be controlling yahoo password or not but even with the chk mark for yahoo mail i still have to type in the password… it dosent even come up as remembered as i type.. whats up. i cant figure it out is it a cookie thing or what?

  68. what font is that in the screen shots.

  69. Hey all,
    I’ve created an omni.jar with the necessary changes to nsloginmanager.js.
    Check out the blog post with links to the omni.jar – [benryanau.wordpress.com]

    cheers

  70. Nice article. How to hidden email and password field?
    example: After log out, the email and password field will still blank (user no see the email and hidden password like ******) just still view blank field. How to setting it? Please help. Thank you so much.

Leave Your Comment


Message is the only required field.
Emails are not published.